4 Replies - 6273 Views - Last Post: 08 June 2009 - 11:52 AM Rate Topic: -----

#1 Top Dog  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 21-May 09

Login using web.config

Posted 22 May 2009 - 11:42 AM

I am trying to require authentication for a specific folder of a website. It is an administration area, so there is no need for multiple users or roles. Either you are the admin or not. I thought I could get it to work using this code in the webconfig:

<authentication mode="Forms">

	  <forms loginUrl="adminlogin.aspx">

		<credentials>

		  <user name="admin" password="admin" />

		</credentials>

	  </forms>

	</authentication>
 </system.Web>
 <location path="admin">
	<system.web>
	  <authorization>
		<deny users="?" />
	  </authorization>
	</system.web>
  </location>



This works well in prohibiting access to anything in the directory "admin" it bounces you back to the login page. Only problem is when you log it with admin,admin, it then redirects to the page it is supposed to, but I get the following error:

"An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)"

I thought maybe it was due to the webpage being access AFTER authentication connecting to the remote database, but I created a "test.aspx" page, putting only some text in the body, and put it in the admin folder. On loging in, it throws the same error.

What database is the login.aspx page trying to access?

Is This A Good Question/Topic? 0
  • +

Replies To: Login using web.config

#2 JayFCox  Icon User is offline

  • New D.I.C Head

Reputation: 5
  • View blog
  • Posts: 41
  • Joined: 31-May 09

Re: Login using web.config

Posted 31 May 2009 - 11:21 AM

View PostTop Dog, on 22 May, 2009 - 10:42 AM, said:

<snip />

This works well in prohibiting access to anything in the directory "admin" it bounces you back to the login page. Only problem is when you log it with admin,admin, it then redirects to the page it is supposed to, but I get the following error:

"An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)"

I thought maybe it was due to the webpage being access AFTER authentication connecting to the remote database, but I created a "test.aspx" page, putting only some text in the body, and put it in the admin folder. On loging in, it throws the same error.

What database is the login.aspx page trying to access?


I'm not seeing anything wrong with your authentication code, although I see you do mention it is a remote server, but the server isn't set up for remote connections.
Was This Post Helpful? 0
  • +
  • -

#3 Gaurav Singla  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 5
  • Joined: 16-February 09

Re: Login using web.config

Posted 04 June 2009 - 09:27 PM

Hey, You should try debugging your code. Perhaps the exception is being generated by some sql statement in your code. As i know, this type of exception is generated by sql server when supplying wrong connection string.
Just try to debug your code and figure it out which statement is causing this exception.
Was This Post Helpful? 0
  • +
  • -

#4 baavgai  Icon User is offline

  • Dreaming Coder
  • member icon

Reputation: 5882
  • View blog
  • Posts: 12,760
  • Joined: 16-October 07

Re: Login using web.config

Posted 05 June 2009 - 04:17 AM

It looks like you've already got a database authentication mechanism running?

If it's only one page, I'd just do something outside ASP.NET's mechanism. I seem to always end up rolling my own, anyhow.

On the page you want protected, put something like this:
protected void Page_Load(object sender, EventArgs e) {
	string userName = (string)Session["CurrentUser"];
	if (userName != "admin") {
		this.Response.Write("<html><p>Sorry, only authorized users can access this content.</p>");
		this.Response.Write("<p>Please <a href=\"Login.aspx\">login</a>.</p>");
		this.Response.End();
	}
}



In your login page as for a username and password. If it passes, place it in the session and redirect back to the calling page.
Was This Post Helpful? 0
  • +
  • -

#5 woodjom  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 29
  • View blog
  • Posts: 549
  • Joined: 08-May 08

Re: Login using web.config

Posted 08 June 2009 - 11:52 AM

Is this a Intranet or Extranet site?

If this is Extranet (internet) then i would suggest having a login page or a login widget placed in your home page and authenticating that way into the admin section. Alot easier than what you are trying to do.

Dont use web.config to catalog the username and passwords for access to areas. I would incorporate at least an access database for this and use access rights to control where they go.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1